Software Vulnerabilities January 20, 2023

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

10 min read - September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code…

Application Security September 22, 2022

Does Follina Mean It’s Time to Abandon Microsoft Office?

4 min read - As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility…

Banking & Finance April 19, 2022

Top Security Concerns When Accepting Crypto Payment

4 min read - From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses…

Government October 25, 2021

Nobelium Espionage Campaign Persists, Service Providers in Crosshairs

2 min read - In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that…

Advanced Threats August 18, 2021

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

6 min read - Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter,…

News July 1, 2021

Malware Actors Have Begun Using AutoHotkey Scripts For Attacks

2 min read - Living-off-the-land attacks aren’t new. They’re tactics in which attackers misuse tools native to an infected device. They do this in an effort to not install any foreign files or tools as a means. That way, most security tech won’t notice…

News June 7, 2021

Fake Microsoft Store and Spotify Ads Lead to Ficker Malware

2 min read - People tend to be less guarded when they’re dealing with something familiar. Digital attackers know this, which explains why they set up malware behind ads pretending to be for Microsoft Store products and Spotify. Bleeping Computer learned from ESET that…

August 18, 2020

Phishers Grab Microsoft Credentials With Fake SharePoint Emails

3 min read - A new phishing attack begins with a scam email disguised as an automated message from Microsoft SharePoint, Abnormal Security observed on Monday, July 27. Those responsible for the attack do not address the email to any specific employee within the…

August 5, 2020

Users Beware: Spotting a Microsoft Renewal Scam

3 min read - A novel scam began when a user received an email impersonating a notification from Microsoft, Abnormal Security observed on Friday, July 17. The scam arrived after Microsoft had recently taken several steps to deter scammers. Security professionals should be aware of…

May 28, 2020

PonyFinal Ransomware Leverages Brute-Force Attacks to Access Networks

2 min read - Security researchers observed PonyFinal ransomware using brute-force attacks to access targeted organizations' networks.